ZDI-CAN-18255: Adobe Digital Editions PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-21582

7.8 HIGH

Key Information:

Vendor: Adobe
CVE Published: 12 April 2023

Summary

Adobe Digital Editions versions prior to 4.5.11.187303 are impacted by an out-of-bounds write vulnerability. This flaw could enable attackers to execute arbitrary code within the user’s context. Exploiting this vulnerability necessitates user interaction, as a malicious file must be opened by the victim to trigger the attack. It's essential for users to remain vigilant and update their software to mitigate potential security risks.

Affected Version(s)

Digital Editions <= 4.5.11.187303

Digital Editions <= unspecified

References

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
